Slashdot Mirror
Zone-Spoofing Fixed for IE 7 Home Users
BeanBunny writes "The IE 7 dev team has essentially removed the intranet zone for Home users, resulting in a Web browser that is effectively invulnerable to a zone-spoofing attack. This security feature does not exist, however, on any installation that is part of a managed network. It also does not exist if you manually change the permissions on your Internet zone. However, in Windows Vista, both zones will be run in a 'protected mode,' something that allegedly prevents the invisible installation of code."
Everybody will be safe and secure, except of course for every single business in the known world?
No browser is safer that IE if you prevent it from accessing a network!
You just got troll'd!
The OP doesn't seem too sure of this new security ploy - I don't know how they plan to implement this, but I think claiming to have a completely secure way of doing things doesn't help your security in the long run. Immune to today's typical attack, maybe, but if/when vista takes over as the OS of choice for most computers, its vulnerablilities will be found and exploited. I remember how SP2 was supposed to be some sort of security godsend, and when I first tried to install it it BSOD'd my computer every startup until I reformatted & reinstalled windows. That's slightly off topic, but it's an example of how good-intentioned 'security' fixes can do little more than break something that's been manually secured in the first place.
http://www.TheGamerNation.com/Forums
Sounds like a good start for IE7. If vista comes around, I still won't use IE7 anyway. It's reputation is tarnished and no matter what Microsoft does, it won't bring back us Firefox, Opera, Safari and etc users.
If I was Microsoft, I'd implent IE competely away from shell and work with it individualy. I think it'll solve the majority of the problems.
IE7 is supposed to run in a fully protected mode by default. The protected mode is similar to a non-root user in *nix so that non-admin user programs do not have access to modify system files or settings. This is supposed to prevent spyware/adware that hooks into Windows processes and keep something one user may install from affecting other users of the system.
Slowly but surely MS is learning a few good tricks from the Linux crowd.
I still fail to understand why IE needs zones at all. If the security settings were less complicated and more reasonable, this wouldn't be a problem. Instead of trusted/intranet/internet, etc... why not a 'whitelist' and 'blacklist.' Simple and easy. Zones are complicated and confusing for most users, and many people end up setting the internet zone to low security so they can access their favorite Java/Flash/JS/ActiveX-addled whiz-bang website anyway.
But where is the innovation?
I'll be honest, I haven't followed the Vista track that closely, but I have yet to hear of any evolutional or even revolutional features that I can look forward to. I read the slashdots and the diggs of the internet so, are these sources too Google and Apple happy to report on the Windows front? Or is there simply nothing to report?
Other than Metro and their attempts at making their OS work like Tiger, what is left?
Don't say security.
- what is the definition of simultanagnosia?! I've been meaning to look it up!
Everyone should know that checkbox well -- and leave it alone and unchecked.
But where is the Never trust content from this provider ever again checkbox? The one I want to check every time I go to a site (all seemingly signed by the same certificate provider) that tries to install the 24-hour Time Manager, or You Must Click Yes to View This Site's Content when all trying to do is get out of a site I hadn't wanted in the first place.
That's what I want my browser to offer me -- along with an inability for any web-site to affect my browser's basic functioning, like disabling the right mouse key. When is that patch coming?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
All of the snide remarks in this thread indicate that most of you hate any improvement in IE for fear of losing some of your anti-M$ ammo. Deep down in your hearts, you WANT IE to be insecure, you WANT Windows to be insecure, you WANT Vista to bomb, just like you LOVED Win9x crashes. The fact is, Microsoft is addressing their security problems, just as they did their stability problems, and that scares you guys to death.
You lost your stability argument, and slowly but surely, you're losing your security argument (the last major security outbreak happened back in 2003, and things will only get worse for you in Vista, where the default accounts are non-admin). Face the facts that you're going to have to find another argument ("free, as in beer", I suspect).
-- "I never gave these stories much credence." - HAL 9000
the last major security outbreak happened back in 2003
r wards outbreak happened in 2003.
Hahahahahahahaha (x1000)
The last catastophic, taking-down-millions-of-systems, DoSing-the-Internet, making-headlines-all-over-the-world-for-days-afte
Several major outbreaks have happened this year, Zobot for one. The only thing that saved the day was the uptake in XP installs; otherwise, we would have had another Code Red on our hands.
Incremental improvement. A good thing for Microsoft, a good thing for average users, a good thing for the internet, yes. But "slowly but surely, you're losing your security argument"? Call me when a million Linux webservers get infected. Call me when desktop Linux starts spreading automatically executed worm code.
Most importantly, call me when Linux sees as many viruses and/or outbreaks as its marketshare would imply. Not the almsot nonexistent numbers we see today. That always seems to be the argument, that it's a marketshare thing. So just keep in touch, and let me know when 5% (or whatever Linux is at) of viruses/worms/spyware is targetted at, and infecting, Linux. Then you might actually have a point.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.